Date: Fri, 7 Jan 2005 09:10:42 +0100 From: "Colin J. Raven" <colin@kenmore.kozy-kabin.nl> To: freebsd-questions@freebsd.org Subject: Re: Running top on system console without being logged on Message-ID: <Pine.NEB.4.61.9.0501070907540.27185@kenmore.kozy-kabin.nl> In-Reply-To: <659027645.20050106210412@wanadoo.fr> References: <1761142680.20050104050725@wanadoo.fr> <040201c4f372$06d09210$92a7cb52@rekon> <015301c4f3e8$58464920$92a7cb52@rekon> <659027645.20050106210412@wanadoo.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 6 at 21:04, Anthony Atkielski launched this into the bitstream: > Reko Turja writes: > > RT> Actually not command line options as such, but you can make a login > RT> class for the top user in /etc/login.conf and feed the options via TOP > RT> environment variable from there. > RT> > RT> You cant shell out from top and renicing from non root account is > RT> impossible (except dropping the niceness of your own process). I think > RT> the approach is secure enough and if you give "topper" good enough > RT> password or deny logon from anywhere except from console, everything > RT> should be ok. Of course if the terminal is accessible to others than > RT> administrative staff, giving out the usernames can be a risk, but you > RT> can use the usernumbers option to avoid giving out the usernames. > RT> > RT> Did myself something very similar with a IPless firewall between a while > RT> back but I ran vmstat in the console instead. Good one glance monitoring > RT> without the need of logging on the machine itself. > > I created a special user that logs directly into top. I don't run > telnet or anything so login isn't possible from anywhere else, and it's > a plain user account with a good password. It seems to work pretty > well. > While masking the machine/LAN/location specific info, could you please post how you did this? What shell etc etc. I (for one) would be *most* grateful for this since (like many apparently) I'd like to do this too. Not mission critical in my case, but wildly cool if it could be done securely. Regards & TIA, -Colin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.4.61.9.0501070907540.27185>